Position Overview
- Location Type: Remote
- Job Type: Full-Time
- Salary: Not Specified
Quora is a "remote-first" company. This position can be performed remotely from multiple countries around the world. Please visit careers.quora.com/eligible-countries for details regarding employment eligibility by country.
About Quora:
Quora’s mission is to grow and share the world’s knowledge. To do so, we have two knowledge sharing products:
- Quora: a global knowledge sharing platform with over 400M monthly unique visitors, bringing people together to share insights on various topics and providing a unique platform to learn and connect with others.
- Poe: a platform providing millions of global users with one place to chat, explore and build with a wide variety of AI language models (bots), including GPT-4, Claude 3, Gemini Pro, DALL-E 3 and more. As AI capabilities rapidly advance, Poe provides a single platform to instantly integrate and utilize these new models.
Behind these products are passionate, collaborative, and high-performing global teams. We have a culture rooted in transparency, idea-sharing, and experimentation that allows us to celebrate success and grow together through meaningful work. Join us on this journey to create a positive impact and make a significant change in the world.
This role will be working on both Quora and Poe.
About the Team and Role:
You will be a key member of the newly created Security Engineering Team, with a mission to keep Quora safe from security problems by building robust protections around our products, infrastructure and people. Our small engineering team works on challenging problems every day. We have a culture that's rooted in constantly learning and improving, and our engineers are encouraged to think big and experiment with new ideas.
What We’re Looking For:
- Sweat The Right Details: you thrive in understanding the details but will also know to ruthlessly prioritize the critical issues.
- Right-Size The Solution: you recognize guidelines and framework do not always fit the problem and know how to adjust the solution for scalability not always at-scale.
- Ownership: you are outcome focused and can deftly navigate obstacles, decompose complexities, manage your time and can communicate your vision to peers and management.
An Ideal Candidate Would…
- Be a capable software engineer while also possessing the following domain expertise:
- Secure Web Application Development: You are proficient in developing secure web applications and APIs, with a strong understanding of OWASP Top 10 and other common web vulnerabilities such as XSS, CSRF, SQL Injection, and clickjacking. You have experience implementing mitigations such as Content Security Policies (CSP), SameSite cookies, and secure HTTP headers. You are adept at building secure authentication and authorization mechanisms, including OAuth, OpenID Connect, SAML, and JWTs.
- Client-Side Security: You have expertise in improving the security posture of client-side web applications. You understand the nuances of browser extensions, sandboxing, and JavaScript security. You are knowledgeable about secure JavaScript frameworks. You can identify and mitigate attacks like DOM-based XSS and other client-side vulnerabilities.
- Cross-Browser Compatibility and Privacy: You are familiar with the intricacies of cross-browser compatibility and the security implications of browser-specific features. You are passionate about advancing privacy-respecting features in web applications, such as implementing proper cookie handling, using privacy-preserving APIs, and reducing fingerprinting risks. You follow developments in browser security policies like SameSite, Secure, and HttpOnly cookies.
- Performance and Security Tradeoffs: You understand the fine balance between performance optimization and security requirements in web applications. You can implement advanced security measures, You are skilled in analyzing and mitigating the impact of security features on page load times, caching, and scalability.
- Security Testing and To (Incomplete sentence)
Application Instructions
Not Specified
Company Information
Quora